Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Volkswagen. Show all posts

Volkswagen Faces Production Standstill in Germany Due to IT Problem

 


There was a major IT outage at several of Volkswagen Group's German plants on Thursday, which halted production at most of them and caused the global production network to become unresponsive. This incident has affected VW's entire group, which includes Porsche and Audi, and has shown the vulnerability of VW's network infrastructure, which is very apparent as the incident began early on Wednesday morning. It highlights the vulnerability of VW's network infrastructure.    

According to a report by the German news agency DPA, the company has revealed that the IT infrastructure problems that occurred over the night have been resolved and production is beginning again. 

The company said that there was no indication that the disruption was caused by anything external. It has been confirmed that the entire Volkswagen group, including Porsche AG (P911_p.DE) and Audi brands, has been affected, the top carmaker in Europe said. 

According to a spokesperson for Audi, the production at the division has also been affected, although details about the extent of the impact are still being analyzed, however. It is already evident that the carmaker faces a diminished demand at its all-electric Zwickau plant, where a long-standing three-shift system that has been in place for decades may have to change due to muted demand for battery-powered cars. 

Reuters reported Volkswagen had a "problem" with the IT components at its global headquarters in Wolfsburg, Germany after the company reported an unspecified "IT malfunction".  Aside from Emden, Osnabrueck, Hanover, Dresden, and Zwickau, the outage affected several other German sites, including factories in Braunschweig, Kassel, Chemnitz, and Salzgitter, which manufacture components for the company. 

"There has been an issue with the line since 12:30 p.m. (CET) and the trouble is currently being investigated. There could be implications for the plants that produce cars," according to the group. It has been reported that some Volkswagen offices have been taken out of operation as a result of the incident. 

Volkswagen maintains that, as a result of the ongoing analysis, an external attack on its internal network is unlikely, and that computer systems and email networks are currently offline. There is still no known cause for this widespread "system malfunction", but efforts are still being made to fix the problem and bring the company's activities back on track. As a result, the company's activity is now back on track. 

VW recently announced that it would be cutting 269 temporary jobs at its Zwickau electric car plant in the early part of this month, according to AFP. As the electric vehicle segment gains momentum, the 10-brand group -- whose marques include Audi, Seat and Skoda -- faces intense competition, especially in China, one of the key markets. 

According to Volkswagen, their deliveries of cars to China in the first half of 2023 decreased by 1.2 per cent compared to the previous half of 2021. Several Volkswagen offices have been left offline due to this incident, which has caused a malfunction of computer systems and email networks. 

The company says that, based on its ongoing analysis, it is unlikely that an external attack will affect its internal systems. There are still no definitive answers as to the cause of this widespread "system malfunction," but efforts are ongoing to resolve it and return the company's activities to normal. 

The new IT incident will likely affect Volkswagen's quarterly results since the automaker has already been struggling with lower-than-expected production levels at its all-electric Zwickau plant. Over the past few years, Volkswagen has dealt with both stolen customer contract information and leaks of confidential information about factory robots built for automobiles. 

Recent reports suggest that the company (along with Audi, as well as other 25 brands) is a "data privacy nightmare on wheels" and is being criticized by Mozilla. Although the German manufacturer claims that the incident was not caused by an external attack, The Register suggests that it could have been the result of Russia's efforts to undermine nations that support Ukraine. 

There has been a pattern of DDoS attacks against German infrastructures and organizations by Russian hacktivists, or even Kremlin-sponsored cyber-crackers.

Audi And Volkswagen's Data Breach Affected 3.3 Million Customers

 

Volkswagen announced that a massive data breach exposed the personal information of over 3.3 million customers after one of its vendors left a cache of customer data unencrypted on the internet. In a letter to customers, Volkswagen said that the vendor utilized by Volkswagen, its subsidiary Audi, and authorized dealers in the United States and Canada had left customer data from 2014 to 2019 unsecured for two years between August 2019 and May 2021. 

Personal information about clients and potential buyers were included in the data, which was collected for sales and marketing purposes. Volkswagen Group of America, Inc. (VWGoA) is the German Volkswagen Group's North American subsidiary, responsible for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc. operations in the United States and Canada. 

Between August 2019 and May 2021, a vendor left insecure data accessible on the Internet, according to data breach notices submitted with the California and Maine Attorney General's offices. This specific vendor informed the VWGoA in March that an unauthorized person had gained access to the data and may have accessed customer information for Audi, Volkswagen, and some authorized dealers. 

According to VWGoA authorities, the hack affected 3.3 million customers, with almost 97% of those affected being Audi customers or potential buyers. The data breach appears to have exposed information ranging from contact information to more sensitive data including social security numbers and loan numbers. 

"The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages," disclosed VWGoA in a data breach notification. 

"The data also included more sensitive information relating to eligibility for purchase, loan, or lease. More than 95% of the sensitive data included was driver’s license numbers. There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers." 

The hackers are demanding between $4,000 and $5,000 for all of the records, claiming that the database contains no social security numbers. The threat actors earlier stated that the database for a VPN service provider with various Android apps on the Google Play Store was on sale for $1,000. 

Volkswagen is offering free credit protection and monitoring services to the 90,000 customers whose personal information was exposed, as well as $1 million in identity theft insurance.

Volkswagen and Audi Cars Are Vulnerable To Remote Hacking


As of late a Dutch information security company has found that the vehicle infotainment systems (IVI) put into effect in some Volkswagen Group car models are defenceless against remote hacking.
Data security researchers from Computest, Daan Keuper and Thijs Alkemade, effectively tested their discoveries and exploited chains on the Volkswagen Golf GTE and Audi A3 Sportback e-tron models.

The experts accessed the IVI framework's root account, which enabled them to get to other automobile data and remarked that they utilized a car's Wi-Fi connection to manipulate an unprotected port and access the car's IVI, mass-produced by the organization that provisions electronic products Harman.





 “Due to the vulnerability, it is also possible to discover, through the navigation system, where the driver has been, and to follow the car live wherever it is at a given moment,” said the information security researchers.


“… the attackers could listen to conversations that the driver is carrying out through the car, turn the microphone on and off, as well as access the full address book and the conversation history,” said the Computest researchers.

The specialists could have done all the more, however they thought it best to halt. Keuper and Alkemade remarked that the IVI framework is additionally in a roundabout way associated with the car's increasing speed and slowing mechanism, i.e. the acceleration and braking system, however they halted for the dread that they could damage Volkswagen's licensed innovation which in their terms means the intellectual property.

Notwithstanding the Wi-Fi attack vector, the analysts (researchers) likewise discovered that the various other vulnerabilities that could be misused through USB troubleshoot ports situated under the board.

These defects were found in July 2017, and they revealed all problems related to Volkswagen, taking part in various gatherings with the automaker.

 “The vulnerability we identified should have been found during an adequate security test,” the experts said. “During the meeting with Volkswagen, it was felt that the reported vulnerability was not yet known, despite being used in tens of millions of vehicles around the world, this IVI system was not subjected to a formal safety test and the vulnerability was still unknown to them.”

Volkswagen effectively tended to the reported issues, in spite of the mistake of executing an untested system inside their cars, Volkswagen worked with a team of information security professionals to address the announced failures.

 “The open interface in Golf GTE and Audi A3 was closed with an update of the infotainment software,” the Volkswagen executives wrote in a letter.






Despite the fact that Volkswagen is now shutting down the vulnerability in today's information and entertainment systems, experts are as yet concerned. This is on the grounds that the IVI framework that they have hacked does not accompany a wireless update system, which implies that it can't be updated with a software patch.

Then again, in the discussions with Volkswagen, the information security experts remark that the automaker implied having comprehended all the failures in the IVI frameworks that are still underway, yet have not said how they intend to manage the already sold cars.

The Data security professionals are withholding data about the exploitation of security flaws. The researchers made it clear that they won't uncover the correct administrations and ports they used to consolidate the VW Golf and Audi A3 models amid the trials.